Update.microsoft.com takes me to Google - Unable to install Spybot as well. HELP!
Hi guys/gals.
I've had this problem for a while now: I can't go to certain anti-virus sites, and update.microsoft.com takes me to Google.
I've tried using Malwarebytes' AntiMalware and Trojan Remover in safe mode with networking.
Here is my HijackThis log. Help me!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:42 PM, on 26/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shayne Johnson\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183401949718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12135 bytes
Hi Goofpig
Please download GMER (http://gmer.net/gmer.zip) by GMER. An alternate download site is available (http://www2.gmer.net/gmer.zip).
Unzip it to a folder on your desktop.
Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver to load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
Click the Scan button. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.
In the GMER window...
Click on the >>> tab at the top of the GMER window.
This displays the rest of the "selection" tabs for you.
Click on the Autostart tab.
Click on the Scan button.
Once the scan has finished... click Copy.
Open Notepad (again) and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.
Here are the files you requested.
After I ran the first scan, my mouse froze and I had to restart the computer before the autoscan.
gmerroot
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-28 22:43:44
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwCreateKey [0xBA6BE0D0]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT sptd.sys ZwSetValueKey [0xBA6C44AA]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\asjczfdl.SYS The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload B86CE8AC 5 Bytes JMP 8A5861C8
? System32\Drivers\aokfc6z8.SYS The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A9591E8
Device \Driver\usbohci \Device\USBPDO-0 8A5851E8
Device \Driver\usbehci \Device\USBPDO-1 8A5791E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9C61E8
Device \Driver\Cdrom \Device\CdRom0 8A6EE790
Device \Driver\Cdrom \Device\CdRom1 8A6EE790
Device \Driver\Cdrom \Device\CdRom2 8A6EE790
Device \Driver\PCI_NTPNP1764 \Device\00000068 sptd.sys
Device \Driver\PCI_NTPNP1764 \Device\00000069 sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 88F4A1E8
Device \Driver\NetBT \Device\NetbiosSmb 88F4A1E8
Device \Driver\PCI_NTPNP1764 \Device\0000006a sptd.sys
Device \Driver\usbohci \Device\USBFDO-0 8A5851E8
Device \Driver\usbehci \Device\USBFDO-1 8A5791E8
Device \Driver\nvatabus \Device\NvAta0 8A9C51E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88DE51E8
Device \Driver\nvata \Device\NvAta1 8A95A1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88DE51E8
Device \Driver\nvata \Device\NvAta2 8A95A1E8
Device \Driver\Ftdisk \Device\FtControl 8A9C61E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C422D439-1746-4D2D-99CF-4D05CCC19EFE} 88F4A1E8
Device \Driver\nvatabus \Device\0000008b 8A9C51E8
Device \Driver\aokfc6z8 \Device\Scsi\aokfc6z81Port5Path0Target0Lun0 8A4531E8
Device \Driver\asjczfdl \Device\Scsi\asjczfdl1 8A7571E8
Device \Driver\aokfc6z8 \Device\Scsi\aokfc6z81 8A4531E8
Device \Driver\asjczfdl \Device\Scsi\asjczfdl1Port4Path0Target0Lun0 8A7571E8
Device \Driver\nvata \Device\0000008d 8A95A1E8
Device \FileSystem\Fastfat \Fat 88DAE1E8
Device \FileSystem\Fastfat \Fat A171E297
Device \FileSystem\Cdfs \Cdfs 88F1B1E8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC0 0xD0 0xFE 0xE6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x54 0x5A 0x1D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x08 0x5A 0xAB 0x27 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9D 0xBE 0xAA 0xD9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2E 0xC0 0xAE 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x10 0x18 0x64 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 265071415
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1768775792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x01 0xD5 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0xED 0xD6 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x70 0x5C 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xCC 0x92 0x4A 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xA8 0x8D 0x00 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xAD 0x78 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x54 0x5A 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEB 0xAD 0x17 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xD7 0x66 0x0B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x54 0x5A 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBF 0xB8 0x6E 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9D 0xBE 0xAA 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2E 0xC0 0xAE 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x10 0x18 0x64 0x60 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x01 0xD5 0xEC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0xED 0xD6 0xF1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x70 0x5C 0xB1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xCC 0x92 0x4A 0x39 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xA8 0x8D 0x00 0xB6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xAD 0x78 0x4B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x54 0x5A 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEB 0xAD 0x17 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x01 0xD5 0xEC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0xED 0xD6 0xF1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x70 0x5C 0xB1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xCC 0x92 0x4A 0x39 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xA8 0x8D 0x00 0xB6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xAD 0x78 0x4B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x54 0x5A 0x1D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEB 0xAD 0x17 0x7D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Mage Knight(TM) Apocalypse\sound\ca041a-tu\x2019rajacolyte.sac 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\NAMCO BANDAI Games\Mage Knight(TM) Apocalypse\sound\ca042a-tu\x2019rajpriest.sac 1
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\A3D.dll 60928 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\ac3api.dll 48640 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\AddCat.exe 48400 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\APOIM32.exe 595249 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\CiSetup.dll 94208 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\Ct20xspi.dll 15360 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\CTAPO32.dll 497152 bytes executable
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\ctasio.dll 50688 bytes
File C:\WINDOWS\Temp\CRF003\Drivers\XFHX\wdm\common\i386\ctdproxy.dll 53248 bytes
---- EOF - GMER 1.0.15 ----
gmerauto
GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-05-28 22:51:39
Windows 5.1.2600 Service Pack 3
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Autodesk Licensing Service@ = "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.exe
CTAudSvcService@ = C:\Program Files\Creative\Shared Files\CTAudSvc.exe
libusbd@ = system32\libusbd-nt.exe
mi-raysat_3dsmax9_32@ = "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@type32"C:\Program Files\Microsoft IntelliType Pro\type32.exe" = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
@AudioDrvEmulator"C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
@ISUSPM StartupC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@Name of AppC:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r /*file not found*/ = C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r /*file not found*/
@H2OC:\Program Files\SyncroSoft\Pos\H2O\cledx.exe = C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@CTDVDDET"C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" = "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
@RCSystem"C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup = "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
@VolPanel"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r = "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@WinampAgent"C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe"
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@IntelliPoint"c:\Program Files\Microsoft IntelliPoint\ipoint.exe" = "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
@TrojanScannerC:\Program Files\Trojan Remover\Trjscan.exe /boot /*file not found*/ = C:\Program Files\Trojan Remover\Trjscan.exe /boot /*file not found*/
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@ISUSPM"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
@CTxfiHlpCTXFIHLP.EXE = CTXFIHLP.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@Steam"c:\program files\steam\steam.exe" -silent = "c:\program files\steam\steam.exe" -silent
@Creative Detector"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
@CurseClientC:\Program Files\Curse\CurseClient.exe -silent /*file not found*/ = C:\Program Files\Curse\CurseClient.exe -silent /*file not found*/
@H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WINDOW~4\MpShHook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{97FA8AA2-EE77-4FF2-9449-424D8924EF21} /*IntelliType Pro Zooming Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"
@{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} /*IntelliType Pro Scrolling Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"
@{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} /*IntelliType Pro Key Settings Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"
@{A2569D1F-4E06-43EC-9825-0088B471BE47} /*IntelliType Pro Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{23170F69-40C1-278A-1000-000100020000} /*7-Zip Shell Extension*/C:\Program Files\7-Zip\7-zip.dll = C:\Program Files\7-Zip\7-zip.dll
@{906b0e6e-61ce-11d3-8ee2-0060080a7242} /*QuickSFV Shell Extension*/C:\Program Files\QuickSFV\QSFVShll.dll = C:\Program Files\QuickSFV\QSFVShll.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/C:\Program Files\ICQLite\ICQLiteShell.dll = C:\Program Files\ICQLite\ICQLiteShell.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Program Files\PowerISO\PWRISOSH.DLL = C:\Program Files\PowerISO\PWRISOSH.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{5800AD5B-72C1-477B-9A08-CA112DF06D97} /*AutoCAD DWG InfoTip Handler*/C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{8A0BC933-7552-42E2-A228-3BE055777227} /*AutoCAD DWG Column Handler*/C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{ADC46291-D8A1-4486-A24C-86FFB392AEFA} /*Autodesk Dgn File Preview*/C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll = C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM17.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" = "c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" = "c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"c:\Program Files\Microsoft IntelliPoint\ipcplact.dll" = "c:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" = "c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL = C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MI3AA1~1\Wcesview.dll = C:\PROGRA~1\MI3AA1~1\Wcesview.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/C:\PROGRA~1\TROJAN~1\Trshlex.dll = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
QuickSFV Shell Extension@{906b0e6e-61ce-11d3-8ee2-0060080a7242} = C:\Program Files\QuickSFV\QSFVShll.dll
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
QuickSFV Shell Extension@{906b0e6e-61ce-11d3-8ee2-0060080a7242} = C:\Program Files\QuickSFV\QSFVShll.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
InventorMenu@{6FDE7A70-351B-11d6-988B-0010B57A8BB7} = C:\Program Files\Autodesk\Inventor 6\Bin\DT.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
Trojan Remover@{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ssmarque.scr
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com.au/ = http://www.google.com.au/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Documents and Settings\Shayne Johnson\Start Menu\Programs\Startup = OneNote 2007 Screen Clipper and Launcher.lnk
---- EOF - GMER 1.0.15 ----
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Here you go!
ComboFix 09-05-28.07 - Shayne Johnson 29/05/2009 18:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1464 [GMT 10:00]
Running from: c:\documents and settings\Shayne Johnson\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Shayne Johnson\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Shayne Johnson\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Shayne Johnson\Local Settings\Temporary Internet Files\update.inf
c:\windows\system32\drivers\ovfsthjotprdmltfgqnklvmkhausmlqacxmowu.sys.vir
c:\windows\system32\lmn_setup.exe
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ovfsthshfsfateujgsfjhijtwbsfqwllmqpajh.dll.vir
c:\windows\system32\ovfsthwrkwrfiwkyucxyixdbrxbloptwvkjsqx.dll.vir
c:\windows\system32\prnet.tmp
c:\windows\system32\UACtppxdqedjetoldu.dat
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.
2009-05-27 04:33 . 2009-05-27 04:33 -------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-05-24 03:07 . 2009-05-24 03:29 -------- d-----w c:\program files\PhotoScape
2009-05-23 15:08 . 2009-04-29 07:51 2933624 ----a-w c:\documents and settings\Shayne Johnson\Application Data\Simply Super Software\Trojan Remover\jjw1.exe
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\Shayne Johnson\Local Settings\Application Data\PACE Anti-Piracy
2009-05-23 06:58 . 2009-05-23 06:58 69632 ----a-r c:\documents and settings\Shayne Johnson\Application Data\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-05-23 06:58 . 2009-05-23 06:58 29926 ----a-r c:\documents and settings\Shayne Johnson\Application Data\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\ARPPRODUCTICON.exe
2009-05-23 06:58 . 2009-05-23 06:58 -------- d-----w c:\program files\Antares Audio Technologies
2009-05-23 06:58 . 2009-05-23 06:58 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Antares
2009-05-20 11:41 . 2009-05-20 11:45 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\REAPER
2009-05-20 11:41 . 2009-05-20 11:41 -------- d-----w c:\program files\REAPER
2009-05-20 07:58 . 2009-05-20 07:58 -------- d-----w c:\program files\AnalogX
2009-05-19 11:53 . 2009-05-19 20:41 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Twain
2009-05-19 11:43 . 2009-05-19 11:43 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\ptidl
2009-05-19 11:43 . 2009-05-19 11:43 10752 ----a-w c:\documents and settings\Shayne Johnson\Application Data\ptidl\ptidl.exe
2009-05-14 11:03 . 2009-05-14 11:03 52224 ----a-w c:\windows\system32\drivers\UACvbqjbabwucfmlwm.sys.vir
2009-05-13 21:26 . 2009-05-23 01:14 5584 ----a-w c:\windows\system32\uacinit.dll.vir
2009-05-13 21:25 . 2009-05-13 21:25 28672 ----a-w c:\windows\ieocx.dll.vir
2009-05-10 10:34 . 2008-06-19 07:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-10 10:34 . 2009-05-10 10:34 -------- d-----w c:\program files\Panda Security
2009-05-10 10:06 . 2009-05-10 10:06 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Malwarebytes
2009-05-10 09:45 . 2009-05-10 09:45 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-10 09:39 . 2006-06-19 03:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-10 09:39 . 2006-05-25 05:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-10 09:39 . 2005-08-25 15:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-10 09:39 . 2003-02-02 10:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-10 09:39 . 2002-03-05 15:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\program files\Trojan Remover
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Simply Super Software
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-10 09:16 . 2009-05-10 09:16 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\AVGTOOLBAR
2009-05-10 09:16 . 2009-05-10 09:18 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 09:16 . 2009-05-10 09:16 -------- d-----w c:\program files\AVG
2009-05-10 09:13 . 2009-05-10 09:13 -------- d-----w c:\program files\Trend Micro
2009-05-10 09:12 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 09:12 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 09:12 . 2009-05-10 09:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-10 09:12 . 2009-05-10 09:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 08:23 . 2006-11-10 05:00 -------- d-----w c:\program files\Steam
2009-05-27 11:33 . 2006-07-25 06:32 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Azureus
2009-05-27 10:14 . 2009-01-12 09:51 32 ----a-w c:\windows\msocreg32.dat
2009-05-27 05:41 . 2006-07-24 09:04 -------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-05-27 04:34 . 2006-07-24 08:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-27 04:34 . 2005-10-29 11:35 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-27 04:34 . 2005-10-29 11:32 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-23 23:26 . 2009-04-16 21:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-18 11:50 . 2006-07-25 10:52 -------- d-----w c:\program files\Winamp
2009-05-13 11:22 . 2006-12-10 11:46 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-10 09:08 . 2007-08-29 07:27 -------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-05-10 09:03 . 2009-04-28 10:53 -------- d-----w c:\program files\BitDefender
2009-05-10 09:03 . 2009-04-28 10:53 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-09 07:24 . 2008-09-03 09:53 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Skype
2009-05-06 07:45 . 2008-09-03 09:53 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\skypePM
2009-04-28 15:02 . 2008-12-03 09:01 -------- d-----w c:\program files\FriendBlasterPro
2009-04-28 11:03 . 2006-07-24 12:04 115960 ----a-w c:\documents and settings\Shayne Johnson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 10:51 . 2007-08-26 11:41 223784 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-21 12:17 . 2006-07-31 11:33 -------- d-----w c:\program files\Soulseek
2009-04-19 10:06 . 2009-04-19 10:06 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-17 08:52 . 2009-04-17 08:52 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-17 08:51 . 2009-04-17 08:51 -------- d-----w c:\program files\Windows Mobile Device Handbook
2009-04-16 21:44 . 2009-04-16 21:37 -------- d-----w c:\program files\Easy Adder
2009-04-16 17:19 . 2008-12-21 02:30 -------- d-----w c:\program files\Google
2009-04-16 17:01 . 2008-08-29 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 10:51 . 2009-04-15 10:51 -------- d-----w c:\program files\CSV Easy
2009-04-10 01:09 . 2009-04-10 01:08 116 ----a-w c:\documents and settings\Shayne Johnson\Application Data\netstat.bat
2009-04-10 01:09 . 2009-04-10 01:08 116 ----a-w c:\documents and settings\Shayne Johnson\Application Data\netstat.bat
2009-04-01 08:26 . 2009-04-01 08:26 -------- d-----w c:\program files\Microsoft Works
2009-04-01 08:25 . 2009-04-01 08:25 -------- d-----w c:\program files\Microsoft.NET
2009-04-01 08:10 . 2007-09-26 05:16 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\GetRightToGo
2009-03-18 10:46 . 2009-03-18 10:46 737280 ----a-w c:\windows\iun6002.exe
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 06:55 . 2009-03-19 15:49 4604240 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{326F52A0-E5BA-4774-9D5B-04D69FA713F3}\mpengine.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-11 132496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 684118]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-29 1053576]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-07 23552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]
c:\documents and settings\Shayne Johnson\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\goofpig\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Electronic Arts\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"9420:TCP"= 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP"= 5000:UDP:*:Disabled:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/05/2009 8:34 PM 28544]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 6:19 PM 13592]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/12/2006 10:49 AM 33792]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [8/10/2008 1:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [8/10/2008 1:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [8/10/2008 1:21 AM 72728]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [24/06/2008 9:52 PM 33792]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [27/05/2009 2:33 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [8/10/2008 1:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [8/10/2008 1:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [8/10/2008 1:21 AM 72728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28/08/2006 11:54 PM 10664]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [24/06/2004 2:52 PM 7552]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
2009-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shayne Johnson\Start Menu\Programs\IMVU\Run IMVU.lnk
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 18:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1644491937-1343024091-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a0,cd,fe,5c,74,70,f0,e0,fe,dd,3f,57,6a,0b,12,07,09,41,3c,a4,66,db,4a,
33,70,23,9d,42,c6,2b,0e,1e,f6,5b,47,fa,e6,59,57,06,a9,df,92,e5,b4,77,e0,fe,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-1644491937-1343024091-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:5c,55,d6,96,78,5c,ff,a2,06,24,2e,aa,54,b7,8f,7a,46,cf,6a,1d,4d,
6e,40,0e,e6,56,a0,d2,d8,25,d5,ab,f1,44,39,c8,fd,59,b0,51,07,aa,d8,16,7c,32,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\libusbd-nt.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-05-29 18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-29 08:29
Pre-Run: 33,746,407,424 bytes free
Post-Run: 36,288,806,912 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
291 --- E O F --- 2009-05-09 23:08
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Here you go.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3dsmax ancillary install
7-Zip 4.42
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
Advertisement Service
Advertisement Service
AGEIA PhysX v7.09.13
AmpliTube Metal
AmpliTube2
AnalogX Vocoder
Antares Auto-Tune Evo VST
Apple Mobile Device Support
Apple Software Update
AutoCAD 2008 - English
Autodesk 3ds Max 9 32-bit
Autodesk AliasStudioPLE 2008
Autodesk DWF Viewer 7
Autodesk Inventor 6
Azureus
Backburner
Battlefield 2142
BioShock
BitDefender Definitions Update
Bonjour
CleanUp!
CrazyTalk for Skype
Creative Audio Control Panel
Creative Media Toolbox
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CSV Easy 1.1.2
Curse Client
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drumagog 4
EA Download Manager
Easy Adder 3.37
Edirol HQ Orchestral VSTi v1.03
Edirol Hyper Canvas
EZdrummer
EZXDfh
Fallout
FBX Plugin 2006.08 for Max 9.0
Finale NotePad 2006
FriendBlasterPro
FW LiveUpdate
Galactic Civilizations II - Gold Edition
GCFScape 1.4.0
Guitar Pro 5.2
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hellgate: London
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ICQ 5.1
IGN Download Manager 2.2.2
InterVideo WinDVD
InterVideo WinDVD Creator 2
iriver plus (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.88 Full
LibUSB-Win32-0.1.10.1
LimeWire 4.12.6
Logitech Desktop Messenger
Logitech Harmony Remote Client
Malwarebytes' Anti-Malware
Mass Effect
Media Manager for WALKMAN 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MilkDrop for Winamp 2x (remove only)
MINERVA: Metastasis 2
mIRC
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MTP Porting Kit
Native Instruments - Rig Kontrol 3 Driver
Native Instruments Guitar Rig 3
Natural Color
Nero OEM
Nero Suite
ninemsn Internet Software
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OGA Notifier 1.7.0105.35.0
OpenAL
Organ One v. 2.10
Panda ActiveScan 2.0
PC Connectivity Solution
PeerGuardian 2.0
PhotoScape
PlayLinc
PlayNC Launcher
Portal
Power Tab Editor 1.7
PowerISO
Project64 1.6
QuickSFV (Remove only)
QuickTime
REAPER
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shareaza version 2.2.1.0
Skype™ 3.8
SoulSeek Client 156c
Sound Blaster X-Fi
SpeechRedist
SPORE™
Stardock Central
Steam
Steinberg Cubase SX v3.1.1.944
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
TabIt version 2.03 (Trial)
Team Fortress 2
Trojan Remover 6.7.8
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Visual Basic 5
VobSub v2.23 (Remove Only)
WA Update v3.50 beta2
Warhammer Online - Age of Reckoning
Winamp
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast(R) Display Driver
WinRAR archiver
WinZip
XviD MPEG-4 Codec
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
Azureus
LimeWire 4.12.6
Shareaza version 2.2.1.0
SoulSeek Client 156c
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Uninstall also these:
Advertisement Service
Advertisement Service
Please run a new uninstall log scan when finished and post the log back here.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3dsmax ancillary install
7-Zip 4.42
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
AGEIA PhysX v7.09.13
AmpliTube Metal
AmpliTube2
AnalogX Vocoder
Antares Auto-Tune Evo VST
Apple Mobile Device Support
Apple Software Update
AutoCAD 2008 - English
Autodesk 3ds Max 9 32-bit
Autodesk AliasStudioPLE 2008
Autodesk DWF Viewer 7
Autodesk Inventor 6
Backburner
Battlefield 2142
BioShock
BitDefender Definitions Update
Bonjour
CleanUp!
CrazyTalk for Skype
Creative Audio Control Panel
Creative Media Toolbox
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CSV Easy 1.1.2
Curse Client
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drumagog 4
EA Download Manager
Easy Adder 3.37
Edirol HQ Orchestral VSTi v1.03
Edirol Hyper Canvas
EZdrummer
EZXDfh
Fallout
FBX Plugin 2006.08 for Max 9.0
Finale NotePad 2006
FriendBlasterPro
FW LiveUpdate
Galactic Civilizations II - Gold Edition
GCFScape 1.4.0
Guitar Pro 5.2
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hellgate: London
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ICQ 5.1
IGN Download Manager 2.2.2
InterVideo WinDVD
InterVideo WinDVD Creator 2
iriver plus (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.88 Full
LibUSB-Win32-0.1.10.1
Logitech Desktop Messenger
Logitech Harmony Remote Client
Malwarebytes' Anti-Malware
Mass Effect
Media Manager for WALKMAN 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MilkDrop for Winamp 2x (remove only)
MINERVA: Metastasis 2
mIRC
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MTP Porting Kit
Native Instruments - Rig Kontrol 3 Driver
Native Instruments Guitar Rig 3
Natural Color
Nero OEM
Nero Suite
ninemsn Internet Software
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OGA Notifier 1.7.0105.35.0
OpenAL
Organ One v. 2.10
Panda ActiveScan 2.0
PC Connectivity Solution
PeerGuardian 2.0
PhotoScape
PlayLinc
PlayNC Launcher
Portal
Power Tab Editor 1.7
PowerISO
Project64 1.6
QuickSFV (Remove only)
QuickTime
REAPER
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.8
Sound Blaster X-Fi
SpeechRedist
SPORE™
Stardock Central
Steam
Steinberg Cubase SX v3.1.1.944
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
TabIt version 2.03 (Trial)
Team Fortress 2
Trojan Remover 6.7.8
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Visual Basic 5
VobSub v2.23 (Remove Only)
WA Update v3.50 beta2
Warhammer Online - Age of Reckoning
Winamp
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast(R) Display Driver
WinRAR archiver
WinZip
XviD MPEG-4 Codec
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\windows\system32\drivers\UACvbqjbabwucfmlwm.sys.vir
c:\windows\system32\uacinit.dll.vir
c:\windows\ieocx.dll.vir
c:\StubInstaller.exe
Folder::
c:\documents and settings\Shayne Johnson\Application Data\Azureus
c:\Program Files\Azureus
c:\Program Files\LimeWire
c:\Program Files\Shareaza
c:\Program Files\Soulseek
c:\Program Files\utorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\Shareaza\\Shareaza.exe"=-
"c:\\Program Files\\Soulseek\\slsk.exe"=-
"c:\\Program Files\\utorrent\\utorrent.exe"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 09-05-29.01 - Shayne Johnson 30/05/2009 17:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1560 [GMT 10:00]
Running from: c:\documents and settings\Shayne Johnson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shayne Johnson\Desktop\CFScript.txt
FILE ::
"c:\StubInstaller.exe"
"c:\windows\ieocx.dll.vir"
"c:\windows\system32\drivers\UACvbqjbabwucfmlwm.sys.vir"
"c:\windows\system32\uacinit.dll.vir"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.
2009-05-29 12:21 . 2009-05-29 12:21 -------- d-----w c:\program files\Common Files\Creative Labs Shared
2009-05-24 03:07 . 2009-05-24 03:29 -------- d-----w c:\program files\PhotoScape
2009-05-23 15:08 . 2009-04-29 07:51 2933624 ----a-w c:\documents and settings\Shayne Johnson\Application Data\Simply Super Software\Trojan Remover\jjw1.exe
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-05-23 07:18 . 2009-05-23 07:18 -------- d-----w c:\documents and settings\Shayne Johnson\Local Settings\Application Data\PACE Anti-Piracy
2009-05-23 06:58 . 2009-05-23 06:58 69632 ----a-r c:\documents and settings\Shayne Johnson\Application Data\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\NewShortcut2_33D628D2DE174DBC9E7D9A4B4649EF81.exe
2009-05-23 06:58 . 2009-05-23 06:58 29926 ----a-r c:\documents and settings\Shayne Johnson\Application Data\Microsoft\Installer\{66F49D6A-E999-4DB0-ADB6-EE546806E340}\ARPPRODUCTICON.exe
2009-05-23 06:58 . 2009-05-23 06:58 -------- d-----w c:\program files\Antares Audio Technologies
2009-05-23 06:58 . 2009-05-23 06:58 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Antares
2009-05-20 11:41 . 2009-05-20 11:45 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\REAPER
2009-05-20 11:41 . 2009-05-20 11:41 -------- d-----w c:\program files\REAPER
2009-05-20 07:58 . 2009-05-20 07:58 -------- d-----w c:\program files\AnalogX
2009-05-19 11:53 . 2009-05-19 20:41 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Twain
2009-05-19 11:43 . 2009-05-19 11:43 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\ptidl
2009-05-19 11:43 . 2009-05-19 11:43 10752 ----a-w c:\documents and settings\Shayne Johnson\Application Data\ptidl\ptidl.exe
2009-05-10 10:34 . 2008-06-19 07:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-10 10:34 . 2009-05-10 10:34 -------- d-----w c:\program files\Panda Security
2009-05-10 10:06 . 2009-05-10 10:06 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Malwarebytes
2009-05-10 09:45 . 2009-05-10 09:45 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-10 09:39 . 2006-06-19 03:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-10 09:39 . 2006-05-25 05:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-10 09:39 . 2005-08-25 15:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-10 09:39 . 2003-02-02 10:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-10 09:39 . 2002-03-05 15:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\program files\Trojan Remover
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Simply Super Software
2009-05-10 09:39 . 2009-05-10 09:39 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-10 09:16 . 2009-05-10 09:16 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\AVGTOOLBAR
2009-05-10 09:16 . 2009-05-10 09:18 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-10 09:16 . 2009-05-10 09:16 -------- d-----w c:\program files\AVG
2009-05-10 09:13 . 2009-05-10 09:13 -------- d-----w c:\program files\Trend Micro
2009-05-10 09:12 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 09:12 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 09:12 . 2009-05-10 09:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-10 09:12 . 2009-05-10 09:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 12:25 . 2006-11-10 05:00 -------- d-----w c:\program files\Steam
2009-05-29 12:22 . 2006-07-24 08:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-29 12:22 . 2005-10-29 11:35 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-29 12:22 . 2005-10-29 11:32 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-27 10:14 . 2009-01-12 09:51 32 ----a-w c:\windows\msocreg32.dat
2009-05-27 05:41 . 2006-07-24 09:04 -------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-05-23 23:26 . 2009-04-16 21:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-18 11:50 . 2006-07-25 10:52 -------- d-----w c:\program files\Winamp
2009-05-13 11:22 . 2006-12-10 11:46 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-10 09:08 . 2007-08-29 07:27 -------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-05-10 09:03 . 2009-04-28 10:53 -------- d-----w c:\program files\BitDefender
2009-05-10 09:03 . 2009-04-28 10:53 -------- d-----w c:\program files\Common Files\BitDefender
2009-05-09 07:24 . 2008-09-03 09:53 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\Skype
2009-05-06 07:45 . 2008-09-03 09:53 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\skypePM
2009-04-28 15:02 . 2008-12-03 09:01 -------- d-----w c:\program files\FriendBlasterPro
2009-04-28 11:03 . 2006-07-24 12:04 115960 ----a-w c:\documents and settings\Shayne Johnson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 10:51 . 2007-08-26 11:41 223784 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-19 10:06 . 2009-04-19 10:06 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-17 08:52 . 2009-04-17 08:52 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-17 08:51 . 2009-04-17 08:51 -------- d-----w c:\program files\Windows Mobile Device Handbook
2009-04-16 21:44 . 2009-04-16 21:37 -------- d-----w c:\program files\Easy Adder
2009-04-16 17:19 . 2008-12-21 02:30 -------- d-----w c:\program files\Google
2009-04-16 17:01 . 2008-08-29 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 10:51 . 2009-04-15 10:51 -------- d-----w c:\program files\CSV Easy
2009-04-10 01:09 . 2009-04-10 01:08 116 ----a-w c:\documents and settings\Shayne Johnson\Application Data\netstat.bat
2009-04-10 01:09 . 2009-04-10 01:08 116 ----a-w c:\documents and settings\Shayne Johnson\Application Data\netstat.bat
2009-04-01 08:26 . 2009-04-01 08:26 -------- d-----w c:\program files\Microsoft Works
2009-04-01 08:25 . 2009-04-01 08:25 -------- d-----w c:\program files\Microsoft.NET
2009-04-01 08:10 . 2007-09-26 05:16 -------- d-----w c:\documents and settings\Shayne Johnson\Application Data\GetRightToGo
2009-03-18 10:46 . 2009-03-18 10:46 737280 ----a-w c:\windows\iun6002.exe
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 06:55 . 2009-03-19 15:49 4604240 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{326F52A0-E5BA-4774-9D5B-04D69FA713F3}\mpengine.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-29_08.23.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-29 12:21 . 2008-10-07 15:22 15384 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\pfmodnt.sys
+ 2009-05-29 12:21 . 2008-10-07 15:22 95768 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\emupia2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 14360 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctprxy2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 72728 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\CTHWIUT.sys
+ 2009-05-29 12:21 . 2008-10-07 13:44 86016 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctcoinst.dll
+ 2009-05-29 12:21 . 2008-10-07 13:23 26919 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\ctd20x.dat
+ 2009-05-29 12:21 . 2008-07-11 05:40 56509 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\ctdnlstr.dat
+ 2009-05-29 12:21 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\wdmaud.drv
+ 2009-05-29 12:21 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\stream.sys
+ 2009-05-29 12:21 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\drmk.sys
+ 2009-05-29 12:21 . 2008-10-07 13:26 10240 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\sfman32.dll
+ 2009-05-29 12:21 . 2008-10-07 13:26 16384 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\regplib.exe
+ 2009-05-29 12:21 . 2008-10-07 13:26 68608 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\piaproxy.dll
+ 2009-05-29 12:21 . 2008-10-07 13:23 12800 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\killapps.exe
+ 2009-05-29 12:21 . 2001-07-11 00:51 77824 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\eaxac3.dll
+ 2009-05-29 12:21 . 2008-10-07 13:23 36864 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\devreg.dll
+ 2009-05-29 12:21 . 2008-10-07 13:41 39424 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\CTxfiSpk.dll
+ 2009-05-29 12:21 . 2008-10-07 13:37 47104 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\CTxfiReg.exe
+ 2009-05-29 12:21 . 2008-10-07 13:41 23552 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\Ctxfihlp.exe
+ 2009-05-29 12:21 . 2008-10-07 13:41 41472 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\CTxfiBtn.dll
+ 2009-05-29 12:21 . 2007-03-13 00:32 89336 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ctpxst32.exe
+ 2009-05-29 12:21 . 2008-10-07 13:26 74752 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ctosuser.dll
+ 2009-05-29 12:21 . 2008-10-07 13:27 53248 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ctdproxy.dll
+ 2009-05-29 12:21 . 2008-10-07 13:27 50688 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ctasio.dll
+ 2009-05-29 12:21 . 2008-10-07 13:37 15360 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\Ct20xspi.dll
+ 2009-05-29 12:21 . 2006-12-05 04:52 48400 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\AddCat.exe
+ 2009-05-29 12:21 . 2008-10-07 13:42 48640 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ac3api.dll
+ 2009-05-29 12:21 . 2008-10-07 13:42 60928 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\a3d.dll
+ 2009-05-29 12:21 . 2008-10-07 13:23 2091 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\cts20x.dat
+ 2009-05-29 12:21 . 2008-10-07 13:41 2560 c:\windows\system32\ReinstallBackups\0018\DriverFiles\lang\i386\CtxfiRes.dll
+ 2009-05-29 12:21 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ksuser.dll
+ 2009-05-29 12:21 . 2008-10-07 13:23 7680 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\enlocstr.exe
+ 2009-05-29 12:21 . 2008-10-07 15:22 158744 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctsfm2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 130072 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctoss2k.sys
+ 2009-05-29 12:21 . 2008-10-07 13:44 181248 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctdvinst.dll
+ 2009-05-29 12:21 . 2008-10-07 15:21 347080 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctdvda2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 526232 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctaud2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 511000 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ctac32k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 171032 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\CT20XUT.sys
+ 2009-05-29 12:21 . 2008-10-07 13:26 275257 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0760W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 277688 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP073AW.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 277688 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0730W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 357983 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0679W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 357983 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0678W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275766 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP055AW.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 276094 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0550W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275508 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP046CW.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275508 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP046BW.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275508 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP046AW.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0469W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0468W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0466W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0465W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0464W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 276282 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0463W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0462W.DAT
+ 2009-05-29 12:21 . 2008-10-07 13:26 275836 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\Data\CTP0460W.DAT
+ 2009-05-29 12:21 . 2008-07-11 05:40 321512 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\ctdlang.dat
+ 2009-05-29 12:21 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\portcls.sys
+ 2009-05-29 12:21 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ks.sys
+ 2009-05-29 12:21 . 2008-10-07 13:26 108544 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\sfms32.dll
+ 2009-05-29 12:21 . 2008-04-22 20:07 805400 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\oalinst.exe
+ 2009-05-29 12:21 . 2008-10-07 13:30 114688 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ctemupia.dll
+ 2009-05-29 12:21 . 2008-10-07 13:27 193024 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\ct_oal.dll
+ 2009-05-29 12:21 . 2008-07-17 23:39 595249 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\APOIM32.exe
+ 2009-05-29 12:21 . 2008-10-07 15:22 1177624 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\ha20x2k.sys
+ 2009-05-29 12:21 . 2008-10-07 15:21 1324056 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Win2K_XP\i386\CTEXFIFX.sys
+ 2009-05-29 12:21 . 2008-10-07 13:37 1212928 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\CTxfispi.exe
+ 2009-05-29 12:21 . 2008-09-25 05:40 20888640 c:\windows\system32\ReinstallBackups\0018\DriverFiles\Common\i386\AppSetup.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-05-19 1217784]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-11 132496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 684118]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-29 1053576]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-07 23552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]
c:\documents and settings\Shayne Johnson\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\goofpig\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Electronic Arts\\Warhammer Online - Age of Reckoning\\warpatch.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steinberg\\Cubase SX 3\\Cubasesx3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"9420:TCP"= 9420:TCP:*:Disabled:Red Swoosh
"5000:UDP"= 5000:UDP:*:Disabled:Red Swoosh
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/05/2009 8:34 PM 28544]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 6:19 PM 13592]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/12/2006 10:49 AM 33792]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [8/10/2008 1:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [8/10/2008 1:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [8/10/2008 1:21 AM 72728]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [24/06/2008 9:52 PM 33792]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [29/05/2009 10:21 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [8/10/2008 1:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [8/10/2008 1:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [8/10/2008 1:21 AM 72728]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28/08/2006 11:54 PM 10664]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [24/06/2004 2:52 PM 7552]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
2009-05-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 08:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Shayne Johnson\Start Menu\Programs\IMVU\Run IMVU.lnk
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 17:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1644491937-1343024091-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a0,cd,fe,5c,74,70,f0,e0,fe,dd,3f,57,6a,0b,12,07,09,41,3c,a4,66,db,4a,
33,70,23,9d,42,c6,2b,0e,1e,f6,5b,47,fa,e6,59,57,06,a9,df,92,e5,b4,77,e0,fe,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-1644491937-1343024091-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:5c,55,d6,96,78,5c,ff,a2,06,24,2e,aa,54,b7,8f,7a,46,cf,6a,1d,4d,
6e,40,0e,e6,56,a0,d2,d8,25,d5,ab,f1,44,39,c8,fd,59,b0,51,07,aa,d8,16,7c,32,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-05-30 18:01
ComboFix-quarantined-files.txt 2009-05-30 08:00
ComboFix2.txt 2009-05-29 08:29
Pre-Run: 35,793,203,200 bytes free
Post-Run: 36,117,147,648 bytes free
Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
550 --- E O F --- 2009-05-09 23:08
Ok, we have more to uninstall.
You will need to uninstall these as they are not legit:
AutoCAD 2008 - English
Autodesk 3ds Max 9 32-bit
Autodesk AliasStudioPLE 2008
Autodesk DWF Viewer 7
Autodesk Inventor 6
Fallout
FriendBlasterPro
Guitar Pro 5.2
Mass Effect
Native Instruments Guitar Rig 3
Post back a fresh uninstall afterwards, please.
No worries.
I left Guitar Pro 5.2, since I've had it installed for years (this machine is getting old) and I use it for work.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3dsmax ancillary install
7-Zip 4.42
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
AGEIA PhysX v7.09.13
AmpliTube Metal
AmpliTube2
AnalogX Vocoder
Antares Auto-Tune Evo VST
Apple Mobile Device Support
Apple Software Update
Backburner
Battlefield 2142
BioShock
BitDefender Definitions Update
Bonjour
CleanUp!
CrazyTalk for Skype
Creative Audio Control Panel
Creative Media Toolbox
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CSV Easy 1.1.2
Curse Client
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drumagog 4
EA Download Manager
Easy Adder 3.37
Edirol HQ Orchestral VSTi v1.03
Edirol Hyper Canvas
EZdrummer
EZXDfh
Finale NotePad 2006
FW LiveUpdate
Galactic Civilizations II - Gold Edition
GCFScape 1.4.0
Guitar Pro 5.2
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hellgate: London
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ICQ 5.1
IGN Download Manager 2.2.2
InterVideo WinDVD
InterVideo WinDVD Creator 2
iriver plus (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.88 Full
LibUSB-Win32-0.1.10.1
Logitech Desktop Messenger
Logitech Harmony Remote Client
Malwarebytes' Anti-Malware
Media Manager for WALKMAN 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MilkDrop for Winamp 2x (remove only)
MINERVA: Metastasis 2
mIRC
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MTP Porting Kit
Natural Color
Nero OEM
Nero Suite
ninemsn Internet Software
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OGA Notifier 1.7.0105.35.0
OpenAL
Organ One v. 2.10
Panda ActiveScan 2.0
PC Connectivity Solution
PeerGuardian 2.0
PhotoScape
PlayLinc
PlayNC Launcher
Portal
Power Tab Editor 1.7
PowerISO
Project64 1.6
QuickSFV (Remove only)
QuickTime
REAPER
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.8
Sound Blaster X-Fi
SpeechRedist
SPORE™
Stardock Central
Steam
Steinberg Cubase SX v3.1.1.944
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
TabIt version 2.03 (Trial)
Team Fortress 2
Trojan Remover 6.7.8
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Visual Basic 5
VobSub v2.23 (Remove Only)
WA Update v3.50 beta2
Warhammer Online - Age of Reckoning
Winamp
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast(R) Display Driver
WinRAR archiver
WinZip
XviD MPEG-4 Codec
Well you will need to uninstall it due to these; it is not legit:
c:\documents and settings\Shayne Johnson\Application Data\Azureus\torrents\Guitar Pro 5.torrent
c:\documents and settings\Shayne Johnson\Application Data\Azureus\torrents\Guitar_Pro_v5.2_(Full_Version_with_CD_Key)_[mininova][1].torrent
So do that and post back a fresh uninstall list afterwards, please.
Done.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3dsmax ancillary install
7-Zip 4.42
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player
AGEIA PhysX v7.09.13
AmpliTube Metal
AmpliTube2
AnalogX Vocoder
Antares Auto-Tune Evo VST
Apple Mobile Device Support
Apple Software Update
Backburner
Battlefield 2142
BioShock
BitDefender Definitions Update
Bonjour
CleanUp!
CrazyTalk for Skype
Creative Audio Control Panel
Creative Media Toolbox
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CSV Easy 1.1.2
Curse Client
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drumagog 4
EA Download Manager
Easy Adder 3.37
Edirol HQ Orchestral VSTi v1.03
Edirol Hyper Canvas
EZdrummer
EZXDfh
Finale NotePad 2006
FW LiveUpdate
Galactic Civilizations II - Gold Edition
GCFScape 1.4.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hellgate: London
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ICQ 5.1
IGN Download Manager 2.2.2
InterVideo WinDVD
InterVideo WinDVD Creator 2
iriver plus (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.88 Full
LibUSB-Win32-0.1.10.1
Logitech Desktop Messenger
Logitech Harmony Remote Client
Malwarebytes' Anti-Malware
Media Manager for WALKMAN 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MilkDrop for Winamp 2x (remove only)
MINERVA: Metastasis 2
mIRC
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MTP Porting Kit
Natural Color
Nero OEM
Nero Suite
ninemsn Internet Software
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OGA Notifier 1.7.0105.35.0
OpenAL
Organ One v. 2.10
Panda ActiveScan 2.0
PC Connectivity Solution
PeerGuardian 2.0
PhotoScape
PlayLinc
PlayNC Launcher
Portal
Power Tab Editor 1.7
PowerISO
Project64 1.6
QuickSFV (Remove only)
QuickTime
REAPER
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.8
Sound Blaster X-Fi
SpeechRedist
SPORE™
Stardock Central
Steam
Steinberg Cubase SX v3.1.1.944
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
TabIt version 2.03 (Trial)
Team Fortress 2
Trojan Remover 6.7.8
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Visual Basic 5
VobSub v2.23 (Remove Only)
WA Update v3.50 beta2
Warhammer Online - Age of Reckoning
Winamp
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinFast(R) Display Driver
WinRAR archiver
WinZip
XviD MPEG-4 Codec
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Cool,
I've tried to start this Kaspersky scanner multiple times, and every single time it installs with no problem but cannot update.
It says:
"Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Failed to connect to update source]"
Has the virus blocked these sites?
No, I don't think so. Please try using a different browser.
Alright,
I tried installing and downloading Firefox.
It installs fine, but when I click to get it to run, nothing happens.
So then I tried downloading Opera, which worked.
But the same issue as before occurs.
"Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Failed to connect to update source]"
So then try this instead:
Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options are set as follows:
Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.
That scanner doesn't seem to want to work either.
After clicking I agree, the page appears as if it's loading but is completely blank.
The ActiveX bar does not appear.
I tried adding the website to my "Trusted Sites" to no avail. As well as deleting my temporary internet files.
It just doesn't want to work. :(
So we use this:
Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see whether you can click the following icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.
Ok,
Every time I tried to scan using Dr.Web CureIt, it crashed halfway through.
However, on the first run, it did pick up two files, one of which was a trojan.
As a substitute, I ran the computer in safe mode (with networking) and ran MalwareBytes' Anti-Malware, which picked up 7 files.
Here is the log.
----
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3
31/05/2009 11:16:26 PM
mbam-log-2009-05-31 (23-16-26).txt
Scan type: Full Scan (C:\|)
Objects scanned: 329259
Time elapsed: 1 hour(s), 57 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.73 85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c422d439-1746-4d2d-99cf-4d05ccc19efe}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.73 85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.73 85.255.112.219 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c422d439-1746-4d2d-99cf-4d05ccc19efe}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.73 85.255.112.219 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{FB33DB49-C1F2-46F1-A52D-903086F0FF2A}\RP1082\A0064174.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
And the HiJack This log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:05 AM, on 1/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shayne Johnson\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183401949718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12262 bytes
OK that looks good :)
Still problems?
Thank you very much for all your help Shaba,
However, the problem still remains :(
Windows won't update; I'm still taken to Google when I type in Update.Microsoft.com, and many of the spyware/antivirus detection pages are blocked.
:(
What else is able to be done?
Do you connect to internet via router?
Hi there Shaba!
My thoughts exactly, with the router.
I fixed it!
I logged onto my router and found that it was connecting to a weird DNS.
So I reset my router back to factory settings and upgraded my password.
Everything works perfectly again!
:cowboy:
Thank you for all your help!
Good :)
Next step would be installing antivirus:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
After that, please post back a fresh HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:57 PM, on 1/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\program files\steam\steam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shayne Johnson\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183401949718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 13231 bytes
That's better :)
Still some issues?
None :D:
Thanks heaps! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.